crewAI: Docker Fallback Vulnerability (CVE-2026-2287)
Summary
CVE-2026-2287: crewAI falls back to a root-equivalent Docker execution context when the docker-py library is available but the Docker daemon is not accessible, creating a container escape path in containerized deployments.
Technical Details
When crewAI initializes agent execution environments and the Docker Python SDK detects dockerd running but the agent lacks daemon access, the fallback path uses system-level subprocess calls with elevated privileges. In shared Kubernetes pods, this allows privilege escalation to the host.
Impact
Container escape in Kubernetes/Multi-tenant environments where crewAI agents are deployed as shared services. Allows an attacker to break out of the container and access the host filesystem.
Affected Versions
crewAI < 0.82.1 (confirmed vulnerable)
Remediation
Upgrade to crewAI 0.82.1 or later. Ensure Docker daemon is not reachable from agent containers. Use Kubernetes security contexts and pod security policies to restrict container capabilities.